{
"Event" : {
"analysis" : "2" ,
"date" : "2017-01-05" ,
"extends_uuid" : "" ,
"info" : "OSINT - MM Core In-Memory Backdoor Returns as \"BigBoss\" and \"SillyGoose\"" ,
"publish_timestamp" : "1483874295" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1483873066" ,
"uuid" : "58720d9e-8b54-40a9-9d80-42e7950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"MM Core\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#006262" ,
"local" : "0" ,
"name" : "ecsirt:malicious-code=\"malware\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483869612" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58720dac-52b8-4003-a6c3-4836950d210f" ,
"value" : "https://blogs.forcepoint.com/security-labs/mm-core-memory-backdoor-returns-bigboss-and-sillygoose"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483869659" ,
"to_ids" : false ,
"type" : "comment" ,
"uuid" : "58720ddb-b720-488b-a2bf-43c2950d210f" ,
"value" : "In October 2016 Forcepoint Security Labs\u2122 discovered new versions of the MM Core backdoor being used in targeted attacks. Also known as \u201cBaneChant\u201d, MM Core is a file-less APT which is executed in memory by a downloader component. It was first reported in 2013 under the version number \u201c2.0-LNK\u201d where it used the tag \u201cBaneChant\u201d in its command-and-control (C2) network request. A second version \u201c2.1-LNK\u201d with the network tag \u201cStrangeLove\u201d was discovered shortly after.\r\n\r\nIn this blog we will detail our discovery of the next two versions of MM Core, namely \u201cBigBoss\u201d (2.2-LNK) and \u201cSillyGoose\u201d (2.3-LNK). Attacks using \"BigBoss\" appear likely to have occurred since mid-2015, whereas \"SillyGoose\" appears to have been distributed since September 2016. Both versions still appear to be active."
} ,
{
"category" : "Network activity" ,
"comment" : "Gratem Second Stage Payload Locations" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872236" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "587217ec-4e98-42bf-b74a-424b950d210f" ,
"value" : "http://adnetwork33.redirectme.net/wp-content/themes/booswrap/layers.png"
} ,
{
"category" : "Network activity" ,
"comment" : "Gratem Second Stage Payload Locations" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872236" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "587217ec-c724-4dcf-932a-4f85950d210f" ,
"value" : "http://network-resources.net/wp-content/themes/booswrap/layers.png"
} ,
{
"category" : "Network activity" ,
"comment" : "Gratem Second Stage Payload Locations" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872237" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "587217ed-cfd4-4326-997a-417a950d210f" ,
"value" : "http://adworks.webhop.me/wp-content/themes/bmw/s6.png"
} ,
{
"category" : "Network activity" ,
"comment" : "Gratem Second Stage Payload Locations" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872238" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "587217ee-116c-47fa-9494-43ad950d210f" ,
"value" : "http://adrev22.ddns.net/network/superads/logo.dat"
} ,
{
"category" : "Network activity" ,
"comment" : "Gratem Second Stage Payload Locations" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872238" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "587217ee-18bc-4247-9bca-43da950d210f" ,
"value" : "http://davidjone.net/network/superads/logo.dat"
} ,
{
"category" : "Network activity" ,
"comment" : "MM Core C2s" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872266" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5872180a-6d30-4ddc-b39f-4ee3950d210f" ,
"value" : "http://presspublishing24.net/plugins/cc/mik.php"
} ,
{
"category" : "Network activity" ,
"comment" : "MM Core C2s" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872266" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5872180a-39ac-43e5-9fcc-4ca4950d210f" ,
"value" : "http://presspublishing24.net/plugins/slm/log.php"
} ,
{
"category" : "Network activity" ,
"comment" : "MM Core C2s" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872267" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5872180b-eb54-473f-b2a7-4e36950d210f" ,
"value" : "http://presspublishing24.net/plugins/xim/trail.php"
} ,
{
"category" : "Network activity" ,
"comment" : "MM Core Payload Locations" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872309" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58721835-9658-4fa8-a5f7-4337950d210f" ,
"value" : "http://mockingbird.no-ip.org/plugins/xim/top.jpg"
} ,
{
"category" : "Network activity" ,
"comment" : "MM Core Payload Locations" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872310" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58721836-b8e8-4eaf-8b19-4c34950d210f" ,
"value" : "http://presspublishing24.net/plugins/xim/top.jpg"
} ,
{
"category" : "Network activity" ,
"comment" : "MM Core Payload Locations" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872310" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58721836-1084-43fc-8c42-45b9950d210f" ,
"value" : "http://ichoose.zapto.org/plugins/cc/me.jpg"
} ,
{
"category" : "Network activity" ,
"comment" : "MM Core Payload Locations" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872311" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58721837-2fbc-460a-9f83-4899950d210f" ,
"value" : "http://presspublishing24.net/plugins/cc/me.jpg"
} ,
{
"category" : "Network activity" ,
"comment" : "MM Core Payload Locations" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872312" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58721838-2b78-40e9-b9c9-4b77950d210f" ,
"value" : "http://waterlily.ddns.net/plugins/slm/pogo.jpg"
} ,
{
"category" : "Network activity" ,
"comment" : "MM Core Payload Locations" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872312" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58721838-f638-4bba-9e22-497b950d210f" ,
"value" : "http://presspublishing24.net/plugins/slm/pogo.jpg"
} ,
{
"category" : "Network activity" ,
"comment" : "MM Core Payload Locations" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872313" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58721839-a2b4-4163-a22b-45a1950d210f" ,
"value" : "http://nayanew1.no-ip.org/plugins/xim/top.jpg"
} ,
{
"category" : "Network activity" ,
"comment" : "MM Core Payload Locations" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872314" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5872183a-f23c-4ff6-9b56-46f8950d210f" ,
"value" : "http://davidjone.net/plugins/xim/top.jpg"
} ,
{
"category" : "Network activity" ,
"comment" : "MM Core Payload Locations" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872314" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5872183a-3db8-4a61-a3a2-4175950d210f" ,
"value" : "http://hawahawa123.no-ip.org/plugins/xim/logo.jpg"
} ,
{
"category" : "Network activity" ,
"comment" : "MM Core Payload Locations" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872315" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5872183b-f2a4-4a22-8227-4e18950d210f" ,
"value" : "http://davidjone.net/plugins/xim/logo.jpg"
} ,
{
"category" : "Network activity" ,
"comment" : "Dropper/Downloader Payload Locations" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872340" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58721854-dbb0-4266-8413-407b950d210f" ,
"value" : "http://davidjone.net/huan/normaldot.exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Related Gratem Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872362" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5872186a-99b0-411a-b17c-44c8950d210f" ,
"value" : "673f315388d9c3e47adc280da1ff8b85a0893525"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Related Gratem Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872363" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5872186b-b6b8-4a62-b94b-4268950d210f" ,
"value" : "f7372222ec3e56d384e7ca2650eb39c0f420bc88"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872524" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5872190c-2478-489c-bd2a-443a950d210f" ,
"value" : "f94bada2e3ef2461f9f9b291aac8ffbf81bf46ab"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872525" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5872190d-7000-425a-a1b5-4f13950d210f" ,
"value" : "ef59b4ffc8a92a5a49308ba98cb38949f74774f1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872525" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5872190d-e9c8-44e3-8919-407d950d210f" ,
"value" : "1cf86d87140f13bf88ede74654e01853bae2413c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872526" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5872190e-9338-4dba-8635-4fa9950d210f" ,
"value" : "415ad0a84fe7ae5b88a68b8c97d2d27de5b3aed2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872527" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5872190f-fb0c-430d-bf45-4450950d210f" ,
"value" : "e8bfa4ed85aac19ab2e77e2b6dfe77252288d89b"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872527" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5872190f-935c-4383-a9a9-479d950d210f" ,
"value" : "83e7b2d6ea775c8eb1f6cfefb32df754609a8129"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872528" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58721910-04ec-4145-8714-4d34950d210f" ,
"value" : "b931d3988eb37491506504990cae3081208e1a66"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872529" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58721911-bfa4-42ff-9b08-4f4c950d210f" ,
"value" : "7031f4be6ced5241ae0dd4315d66a261f654dbd6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872529" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58721911-9064-4f63-899c-4398950d210f" ,
"value" : "ab53485990ac503fb9c440ab469771fac661f3cc"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872530" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58721912-becc-4f40-8b4f-4d88950d210f" ,
"value" : "b8e6f570e02d105df2d78698de12ae80d66c54a2"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872531" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58721913-5370-4f55-b6ca-48c1950d210f" ,
"value" : "188776d098f61fa2c3b482b2ace202caee18b411"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872532" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58721914-6ba8-4b62-b14f-4ea1950d210f" ,
"value" : "e0ed40ec0196543814b00fd0aac7218f23de5ec5"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872532" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58721914-0e18-483c-b7e4-43fa950d210f" ,
"value" : "5498bb49083289dfc2557a7c205aed7f8b97b2a8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872533" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58721915-cddc-495b-859f-45fe950d210f" ,
"value" : "ce18064f675348dd327569bd50528286929bc37a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872534" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58721916-8cfc-4327-8fee-4e0d950d210f" ,
"value" : "3a8b7ce642a5b4d1147de227249ecb6a89cbd2d3"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872534" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58721916-6d98-4bbf-992e-4280950d210f" ,
"value" : "21c1904477ceb8d4d26ac9306e844b4ba0af1b43"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872535" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58721917-2178-42c3-b843-4066950d210f" ,
"value" : "f89a81c51e67c0bd3fc738bf927cd7cc95b05ea6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "MM Core Unpacked DLL Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872569" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58721939-3100-4117-8ed9-4e58950d210f" ,
"value" : "13b25ba2b139b9f45e21697ae00cf1b452eeeff5"
} ,
{
"category" : "Payload delivery" ,
"comment" : "MM Core Unpacked DLL Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872569" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58721939-0f00-4a6d-966b-4703950d210f" ,
"value" : "c58aac5567df7676c2b08e1235cd70daec3023e8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "MM Core Unpacked DLL Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872570" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5872193a-b494-417b-9429-462d950d210f" ,
"value" : "4372bb675827922280e8de87a78bf61a6a3e7e4d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "MM Core Unpacked DLL Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872571" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5872193b-d864-4ff3-a9e6-457e950d210f" ,
"value" : "08bfdefef8a1fb1ea6f292b1ed7d709fbbc2c602"
} ,
{
"category" : "Payload delivery" ,
"comment" : "US pak track ii naval dialogues.doc" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872602" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5872195a-2fc8-46ba-af9b-4376950d210f" ,
"value" : "d336b8424a65f5c0b83328aa89089c2e4ddbcf72"
} ,
{
"category" : "Payload delivery" ,
"comment" : "US pak track ii naval dialogues.doc - Xchecked via VT: d336b8424a65f5c0b83328aa89089c2e4ddbcf72" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872784" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a10-f288-42b4-9702-4e1402de0b81" ,
"value" : "72aea0644729cadfe668751587a1e6384c49c398580feecefc51385ecc018631"
} ,
{
"category" : "Payload delivery" ,
"comment" : "US pak track ii naval dialogues.doc - Xchecked via VT: d336b8424a65f5c0b83328aa89089c2e4ddbcf72" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872785" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a11-170c-44ad-97eb-4f2c02de0b81" ,
"value" : "c4cee8d6f30127938681c93dd19f2af4"
} ,
{
"category" : "External analysis" ,
"comment" : "US pak track ii naval dialogues.doc - Xchecked via VT: d336b8424a65f5c0b83328aa89089c2e4ddbcf72" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872786" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a12-9fc8-496e-9634-49f702de0b81" ,
"value" : "https://www.virustotal.com/file/72aea0644729cadfe668751587a1e6384c49c398580feecefc51385ecc018631/analysis/1483862088/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "MM Core Unpacked DLL Samples - Xchecked via VT: 4372bb675827922280e8de87a78bf61a6a3e7e4d" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872787" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a13-eba0-47a2-b999-4a2b02de0b81" ,
"value" : "0ec6c4342cf0cae5ba59a216ed074ac0574f04763ce4b5b1944daad9513491b6"
} ,
{
"category" : "Payload delivery" ,
"comment" : "MM Core Unpacked DLL Samples - Xchecked via VT: 4372bb675827922280e8de87a78bf61a6a3e7e4d" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872787" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a13-f348-436e-a7cc-445202de0b81" ,
"value" : "060d13afdb2212a717666b251feda1d3"
} ,
{
"category" : "External analysis" ,
"comment" : "MM Core Unpacked DLL Samples - Xchecked via VT: 4372bb675827922280e8de87a78bf61a6a3e7e4d" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872788" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a14-4514-462c-a44e-4d1c02de0b81" ,
"value" : "https://www.virustotal.com/file/0ec6c4342cf0cae5ba59a216ed074ac0574f04763ce4b5b1944daad9513491b6/analysis/1483698678/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "MM Core Unpacked DLL Samples - Xchecked via VT: c58aac5567df7676c2b08e1235cd70daec3023e8" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872789" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a15-2874-4692-b24a-47b602de0b81" ,
"value" : "1d3ff6cdda68c63d254df70cef0dc9adfa414200f953499c40cbc75bf3936233"
} ,
{
"category" : "Payload delivery" ,
"comment" : "MM Core Unpacked DLL Samples - Xchecked via VT: c58aac5567df7676c2b08e1235cd70daec3023e8" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872790" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a16-79ec-4e62-9d31-475c02de0b81" ,
"value" : "bddb10729acb2dfe28a7017b261d63db"
} ,
{
"category" : "External analysis" ,
"comment" : "MM Core Unpacked DLL Samples - Xchecked via VT: c58aac5567df7676c2b08e1235cd70daec3023e8" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872790" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a16-b100-4e55-a771-4bc202de0b81" ,
"value" : "https://www.virustotal.com/file/1d3ff6cdda68c63d254df70cef0dc9adfa414200f953499c40cbc75bf3936233/analysis/1483633479/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: f89a81c51e67c0bd3fc738bf927cd7cc95b05ea6" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872791" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a17-7564-4a40-9826-4caa02de0b81" ,
"value" : "f938e87917ca8885001e922f43ef0fe5e67ff390e951a934254ddac808dca1a5"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: f89a81c51e67c0bd3fc738bf927cd7cc95b05ea6" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872792" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a18-0f84-4bc6-aa83-450d02de0b81" ,
"value" : "a9c07b9fb099f44e7b8f53a74d7f71d0"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: f89a81c51e67c0bd3fc738bf927cd7cc95b05ea6" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872792" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a18-59e0-4238-8532-45bc02de0b81" ,
"value" : "https://www.virustotal.com/file/f938e87917ca8885001e922f43ef0fe5e67ff390e951a934254ddac808dca1a5/analysis/1483633483/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 21c1904477ceb8d4d26ac9306e844b4ba0af1b43" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872793" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a19-2abc-478e-b5fb-416102de0b81" ,
"value" : "a3c8d6eaa6239112b1e881f18ea78f58949150fbf051e599b5d6f81e0d2e31c9"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 21c1904477ceb8d4d26ac9306e844b4ba0af1b43" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872794" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a1a-cb00-48df-bedc-41ef02de0b81" ,
"value" : "0932b703849364ca1537305761bc3429"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 21c1904477ceb8d4d26ac9306e844b4ba0af1b43" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872795" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a1b-d7a8-430f-ab7d-4a7702de0b81" ,
"value" : "https://www.virustotal.com/file/a3c8d6eaa6239112b1e881f18ea78f58949150fbf051e599b5d6f81e0d2e31c9/analysis/1460698281/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 3a8b7ce642a5b4d1147de227249ecb6a89cbd2d3" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872795" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a1b-2f2c-41ea-8f54-456402de0b81" ,
"value" : "033258861970b3addbe339e9f2c0fde210898896f31dce5d5f7b1d17d19c23eb"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 3a8b7ce642a5b4d1147de227249ecb6a89cbd2d3" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872796" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a1c-7550-4fb8-8efb-45cc02de0b81" ,
"value" : "9e73734ac2ab5293c0f326245658b50e"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 3a8b7ce642a5b4d1147de227249ecb6a89cbd2d3" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872797" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a1d-6e5c-41fb-bd35-491902de0b81" ,
"value" : "https://www.virustotal.com/file/033258861970b3addbe339e9f2c0fde210898896f31dce5d5f7b1d17d19c23eb/analysis/1483633482/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: ce18064f675348dd327569bd50528286929bc37a" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872798" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a1e-a7d8-4a04-ba60-4dbe02de0b81" ,
"value" : "ef549a3688f930bf3c5d49d95ed3d1de51be79af10f9d941892d85b25fabd795"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: ce18064f675348dd327569bd50528286929bc37a" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872798" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a1e-efec-4012-b0be-4cb202de0b81" ,
"value" : "c27da5a756569012449c479609c3b959"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: ce18064f675348dd327569bd50528286929bc37a" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872799" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a1f-2ad4-4c50-9306-44c902de0b81" ,
"value" : "https://www.virustotal.com/file/ef549a3688f930bf3c5d49d95ed3d1de51be79af10f9d941892d85b25fabd795/analysis/1483633482/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 5498bb49083289dfc2557a7c205aed7f8b97b2a8" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872800" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a20-074c-47e6-a681-48cc02de0b81" ,
"value" : "87d743e1876dcb9e13ed8d1dc57125c7c0912b49aa9f02e2f3a45d0e11294317"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 5498bb49083289dfc2557a7c205aed7f8b97b2a8" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872801" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a21-28dc-40dd-83a8-431702de0b81" ,
"value" : "6c833531eb3c6b97095b45fcc8f2a1e6"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 5498bb49083289dfc2557a7c205aed7f8b97b2a8" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872801" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a21-1a9c-414f-94c7-43c702de0b81" ,
"value" : "https://www.virustotal.com/file/87d743e1876dcb9e13ed8d1dc57125c7c0912b49aa9f02e2f3a45d0e11294317/analysis/1458047912/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: e0ed40ec0196543814b00fd0aac7218f23de5ec5" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872802" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a22-d584-49ff-856c-40ab02de0b81" ,
"value" : "1bf0dcf093a04a86c6679f99b6ec5293241b2a16b4749b5ff5af8e11e96ba2a9"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: e0ed40ec0196543814b00fd0aac7218f23de5ec5" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872803" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a23-37fc-403c-a41a-48a902de0b81" ,
"value" : "898812640c2cb691e5d9cdea96fe9599"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: e0ed40ec0196543814b00fd0aac7218f23de5ec5" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872803" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a23-05e8-49af-9028-4e9002de0b81" ,
"value" : "https://www.virustotal.com/file/1bf0dcf093a04a86c6679f99b6ec5293241b2a16b4749b5ff5af8e11e96ba2a9/analysis/1483633481/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 188776d098f61fa2c3b482b2ace202caee18b411" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872804" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a24-bf78-4e4f-a1c9-455502de0b81" ,
"value" : "4d22a45690d144ad29aaa06104085293e489ad319ba033ca0bd46759b3d5e42e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 188776d098f61fa2c3b482b2ace202caee18b411" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872805" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a25-7e24-48af-8641-48b902de0b81" ,
"value" : "bffc9f409be33207849207f62622db50"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 188776d098f61fa2c3b482b2ace202caee18b411" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872806" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a26-1990-4c1e-b4fe-4ac802de0b81" ,
"value" : "https://www.virustotal.com/file/4d22a45690d144ad29aaa06104085293e489ad319ba033ca0bd46759b3d5e42e/analysis/1483633481/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: b8e6f570e02d105df2d78698de12ae80d66c54a2" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872806" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a26-2a54-4c67-8966-401402de0b81" ,
"value" : "e9d5e26e00f3ef239491bdfc80c8b4aabe551135b568c1ac9629202ed10cf2d0"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: b8e6f570e02d105df2d78698de12ae80d66c54a2" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872807" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a27-df90-4e23-a7d8-45b602de0b81" ,
"value" : "2801b537960058643dfdb3fc5199246d"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: b8e6f570e02d105df2d78698de12ae80d66c54a2" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872808" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a28-5f34-4997-993f-45b402de0b81" ,
"value" : "https://www.virustotal.com/file/e9d5e26e00f3ef239491bdfc80c8b4aabe551135b568c1ac9629202ed10cf2d0/analysis/1483698672/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: ab53485990ac503fb9c440ab469771fac661f3cc" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872809" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a29-513c-42cd-a8a9-414d02de0b81" ,
"value" : "0dec4b854bcbf15bda79a1a3d9f322d8519a3273155ad18d3b7ce7d36dfe9e85"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: ab53485990ac503fb9c440ab469771fac661f3cc" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872809" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a29-5e84-4009-935f-4b3b02de0b81" ,
"value" : "fe1eb07a9068c32efd032404a7472e58"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: ab53485990ac503fb9c440ab469771fac661f3cc" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872810" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a2a-950c-48b1-9e9c-47ad02de0b81" ,
"value" : "https://www.virustotal.com/file/0dec4b854bcbf15bda79a1a3d9f322d8519a3273155ad18d3b7ce7d36dfe9e85/analysis/1483633481/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 7031f4be6ced5241ae0dd4315d66a261f654dbd6" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872811" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a2b-e744-411e-b4bb-4f6202de0b81" ,
"value" : "4f3275de51c2d16e8df829d020eae4f2450c9b3afd3b3099d615278e29a00479"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 7031f4be6ced5241ae0dd4315d66a261f654dbd6" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872812" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a2c-07b8-4db7-9de3-433602de0b81" ,
"value" : "380cfac90270b45518c17c224aa8e5be"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 7031f4be6ced5241ae0dd4315d66a261f654dbd6" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872812" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a2c-2080-4fc2-af18-460202de0b81" ,
"value" : "https://www.virustotal.com/file/4f3275de51c2d16e8df829d020eae4f2450c9b3afd3b3099d615278e29a00479/analysis/1483633481/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: b931d3988eb37491506504990cae3081208e1a66" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872813" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a2d-c900-4abc-aeb2-4c6202de0b81" ,
"value" : "86d414a51e946a9a5d8ce411f0f6b54154d7848c046cd58464b49733effdc47a"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: b931d3988eb37491506504990cae3081208e1a66" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872814" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a2e-0338-4f99-8c58-471302de0b81" ,
"value" : "ee4563761247361632046c8966a4c790"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: b931d3988eb37491506504990cae3081208e1a66" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872815" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a2f-bf20-41b2-bb9a-4a3002de0b81" ,
"value" : "https://www.virustotal.com/file/86d414a51e946a9a5d8ce411f0f6b54154d7848c046cd58464b49733effdc47a/analysis/1483633481/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 83e7b2d6ea775c8eb1f6cfefb32df754609a8129" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872815" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a2f-19b0-4b16-81dd-49a202de0b81" ,
"value" : "af34e0b3ecbe1f6aeabd5d74ba48a322f401d348de8a3345fe3e18a62d6d7a93"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 83e7b2d6ea775c8eb1f6cfefb32df754609a8129" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872816" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a30-4acc-414f-b8e8-45a702de0b81" ,
"value" : "f38ffc4bfe7b449389b05d483016625b"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 83e7b2d6ea775c8eb1f6cfefb32df754609a8129" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872817" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a31-2a00-4bef-b78c-41eb02de0b81" ,
"value" : "https://www.virustotal.com/file/af34e0b3ecbe1f6aeabd5d74ba48a322f401d348de8a3345fe3e18a62d6d7a93/analysis/1483633480/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: e8bfa4ed85aac19ab2e77e2b6dfe77252288d89b" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872817" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a31-1f84-45b4-aaf4-4ace02de0b81" ,
"value" : "87496d1e934706d49b6a03b034f999c61772212b13e901f18453f7f8111defca"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: e8bfa4ed85aac19ab2e77e2b6dfe77252288d89b" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872818" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a32-8fe8-45ad-8243-4fc502de0b81" ,
"value" : "50b20197c9f9f3a8ded3a42aa6cf5315"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: e8bfa4ed85aac19ab2e77e2b6dfe77252288d89b" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872819" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a33-5160-4698-87dc-40ed02de0b81" ,
"value" : "https://www.virustotal.com/file/87496d1e934706d49b6a03b034f999c61772212b13e901f18453f7f8111defca/analysis/1475469859/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 415ad0a84fe7ae5b88a68b8c97d2d27de5b3aed2" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872820" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a34-4718-401d-8c17-4eb802de0b81" ,
"value" : "62ba328ada4ac69ac2ec9f9f101d16d5eb72b648c6bd078f735e17c8fc6b2829"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 415ad0a84fe7ae5b88a68b8c97d2d27de5b3aed2" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872820" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a34-8cac-494e-95cd-4e4802de0b81" ,
"value" : "0647bac99b6a8407795134f5d67d4590"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 415ad0a84fe7ae5b88a68b8c97d2d27de5b3aed2" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872821" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a35-67f0-44c8-9dab-421c02de0b81" ,
"value" : "https://www.virustotal.com/file/62ba328ada4ac69ac2ec9f9f101d16d5eb72b648c6bd078f735e17c8fc6b2829/analysis/1482068488/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 1cf86d87140f13bf88ede74654e01853bae2413c" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872822" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a36-c628-4aa7-93d2-499f02de0b81" ,
"value" : "3d85b4f923e2201a21a3e27e86ea6a2d3fda9778899568e7c505de5a4b70653e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 1cf86d87140f13bf88ede74654e01853bae2413c" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872823" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a37-2c60-432a-9471-4e3402de0b81" ,
"value" : "2826c9c6c25368f773c0e448572585d0"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: 1cf86d87140f13bf88ede74654e01853bae2413c" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872823" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a37-4c14-4040-b978-4e5c02de0b81" ,
"value" : "https://www.virustotal.com/file/3d85b4f923e2201a21a3e27e86ea6a2d3fda9778899568e7c505de5a4b70653e/analysis/1483633480/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: ef59b4ffc8a92a5a49308ba98cb38949f74774f1" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872824" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a38-e2f4-400c-b548-478102de0b81" ,
"value" : "dd4a29b9ad4644350878b4c073661481a64762c4be4a9aa20ff7b71453470cce"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: ef59b4ffc8a92a5a49308ba98cb38949f74774f1" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872825" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a39-d50c-4ba2-b029-4c4102de0b81" ,
"value" : "263b6c350cbf7354b99139be17c272d3"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: ef59b4ffc8a92a5a49308ba98cb38949f74774f1" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872825" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a39-fc50-49eb-aa98-44be02de0b81" ,
"value" : "https://www.virustotal.com/file/dd4a29b9ad4644350878b4c073661481a64762c4be4a9aa20ff7b71453470cce/analysis/1483632797/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: f94bada2e3ef2461f9f9b291aac8ffbf81bf46ab" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872826" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a3a-475c-44a4-8137-43f002de0b81" ,
"value" : "e9d086bf3e1e657f847a2364ee1da56db50bfeb291a35f1f92f3b2a9125f6f5e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: f94bada2e3ef2461f9f9b291aac8ffbf81bf46ab" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872827" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a3b-8860-4374-bcd3-4e4802de0b81" ,
"value" : "d692a057330361f8f58163f9aa7fc3a8"
} ,
{
"category" : "External analysis" ,
"comment" : "Dropper/Downloader Samples - Xchecked via VT: f94bada2e3ef2461f9f9b291aac8ffbf81bf46ab" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872828" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a3c-1a08-4680-9c4f-4e5102de0b81" ,
"value" : "https://www.virustotal.com/file/e9d086bf3e1e657f847a2364ee1da56db50bfeb291a35f1f92f3b2a9125f6f5e/analysis/1483712714/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Related Gratem Samples - Xchecked via VT: f7372222ec3e56d384e7ca2650eb39c0f420bc88" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872828" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a3c-aa5c-46e5-9141-416202de0b81" ,
"value" : "c89fb4332fef7367543c6457d3a6bfbd4d4f6ad7bea915baefc0489ad0c2a873"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Related Gratem Samples - Xchecked via VT: f7372222ec3e56d384e7ca2650eb39c0f420bc88" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872829" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a3d-58ec-49c2-bb1b-424602de0b81" ,
"value" : "1bbc1549b8fe1ced42e65d8375ff7010"
} ,
{
"category" : "External analysis" ,
"comment" : "Related Gratem Samples - Xchecked via VT: f7372222ec3e56d384e7ca2650eb39c0f420bc88" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872830" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a3e-3fbc-42a7-85d3-47ca02de0b81" ,
"value" : "https://www.virustotal.com/file/c89fb4332fef7367543c6457d3a6bfbd4d4f6ad7bea915baefc0489ad0c2a873/analysis/1483633479/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Related Gratem Samples - Xchecked via VT: 673f315388d9c3e47adc280da1ff8b85a0893525" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872831" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58721a3f-1e9c-45e9-9f31-4a1d02de0b81" ,
"value" : "a4ead13d2cb28c4443f023b5b87ec3bd641fb3ad590ca53ab41afefce9cbeccf"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Related Gratem Samples - Xchecked via VT: 673f315388d9c3e47adc280da1ff8b85a0893525" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872831" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58721a3f-eba8-4c01-9964-429002de0b81" ,
"value" : "e2bc937f028602dda3fa56ad204ca726"
} ,
{
"category" : "External analysis" ,
"comment" : "Related Gratem Samples - Xchecked via VT: 673f315388d9c3e47adc280da1ff8b85a0893525" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1483872832" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58721a40-54a0-4945-b198-4a6b02de0b81" ,
"value" : "https://www.virustotal.com/file/a4ead13d2cb28c4443f023b5b87ec3bd641fb3ad590ca53ab41afefce9cbeccf/analysis/1483697879/"
}
]
}
}